OmicsDM/docker-compose.prod.yml at main · CNAG-Biomedical-Informatics/OmicsDM · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
version: '3.9'

services:
  api:
    build:
      context: ./scdm_server
      # target: dev
      args:
        - IGNORE_CACHE_FROM_HERE=${IGNORE_CACHE_FROM_HERE}
    depends_on:
      - api-db
    # ports:
    #   - 8083:8083
    env_file:
      - .env
    tty: true
    volumes:
      - type: bind
        source: /etc/kubernetes/pki/ca.crt
        target: /home/.kube/ca.crt

      - type: bind
        source: ./scdm_server/server/config/config.py
        target: /usr/src/app/server/config/config.py

    command: [ sh, compose_server.sh ]
    # extra_hosts:
    #   - "${JENKINS_URL}:${JENKINS_HOST_IP}"
    networks:
      - api-nw
      - devops_vm_reverseproxy-nw

  api-db:
    image: postgres:13-alpine
    volumes:
      - postgres-data-scdm:/var/lib/postgresql/data/
    environment:
      - POSTGRES_DB=${API_DB}
      - POSTGRES_USER=${API_DB_USER}
      - POSTGRES_PASSWORD=${API_DB_PW}
    networks:
      - api-nw

  client:
    build:
      context: ./scdm_client
      args:
        - IGNORE_CACHE_FROM_HERE=${IGNORE_CACHE_FROM_HERE}
    depends_on:
      - api
    volumes:
      - ./scdm_client/config.js:/usr/share/nginx/html/config.js
      - ./nginx_mountpoint/logs:/var/log/nginx
      - ./nginx_mountpoint/templates:/etc/nginx/templates:ro
      - ./nginx_mountpoint/includes:/etc/nginx/includes:ro
      #- ./nginx_mountpoint/certs/omicsdmsc.vm2.dev.pem:/etc/nginx/omicsdmsc.vm2.dev.pem:ro
      #- ./nginx_mountpoint/certs/omicsdmsc.vm2.dev-key.pem:/etc/nginx/omicsdmsc.vm2.dev-key.pem:ro
    environment:
      NODE_ENV: production
      # VIRTUAL_HOST: vm2.omicsdmsc
      # VIRTUAL_PORT: 80
    networks:
      - devops_vm_reverseproxy-nw
    tty: true

  keycloak-db:
    image: postgres:13-alpine
    container_name: kc-db
    environment:
      POSTGRES_DB: ${KC_DB}
      POSTGRES_USER: ${KC_DB_USER}
      POSTGRES_PASSWORD: ${KC_DB_PW}
    restart: unless-stopped
    healthcheck:
      test: pg_isready -U ${KC_DB_USER}

  keycloak:
    container_name: keycloak
    image: quay.io/keycloak/keycloak:20.0.1
    depends_on:
      - keycloak-db
    environment:
      DB_VENDOR: postgres
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: ${KC_DB_USER}
      DB_PASSWORD: ${KC_DB_PW}
      KEYCLOAK_ADMIN: ${KC_ADMIN_USER}
      KEYCLOAK_ADMIN_PASSWORD: ${KC_ADMIN_PW}
      KC_PROXY: edge
      KC_HOSTNAME_STRICT: false
      KC_HOSTNAME_PATH: /auth
      KC_HOSTNAME_URL: https://${DOMAIN}/auth/
      KC_HOSTNAME_ADMIN_URL: https://${DOMAIN}/auth/
      KC_HTTPS_CERTIFICATE_FILE: /opt/keycloak/conf/server.crt.pem
      KC_HTTPS_CERTIFICATE_KEY_FILE: /opt/keycloak/conf/server.key.pem
      KC_HEALTH_ENABLED: true
    volumes:
      - type: bind
        source: ./realm-export.json
        target: /opt/keycloak/data/import/realm-export.json
      - type: bind
        source: ./nginx_mountpoint/certs/${DOMAIN}.pem
        target: /opt/keycloak/conf/server.crt.pem
        read_only: true
      - type: bind
        source: ./nginx_mountpoint/certs/${DOMAIN}-key.pem
        target: /opt/keycloak/conf/server.key.pem
        read_only: true
    restart: unless-stopped
    command: ${KC_CMD}
    healthcheck:
      test: curl localhost:8080/health | grep -q "UP"
      interval: 10s
      timeout: 10s
      retries: 5

  # TODO
  # S3 storage is missing
  # e.g. local stack or minio

volumes:
  postgres-data-scdm:

networks:
  devops_vm_reverseproxy-nw:
    external: true
  api-nw: